ROS 6, OpenSSL, and package updates?

xeltros wrote:

I'd like to temperate a bit. Yes you NAS are vulnerable unless fully patched (in security, the overall security level is the one of the weakest link). That said I don't see anyone wanting to put some effort hacking a single NAS in an unknown network. If you use them in enterprise, they don't have access to internet, so danger comes only from insiders (yep I know most of critical attacks on an information system come from inside). On top of that I read this : http://www.theverge.com/2014/4/11/56043 ... -after-all So if you want to patch, do it, that's always a good idea to be fully patched. Otherwise I think you'll need to wait a month at least to get official patch unless it's been silently released under 6.1.7 security fix section. (6.1.7 has gone final today, so no RC6 to fix it and I don't think 6.2.0 will be released in april, I may be wrong though).

Did the 6.1.7 update before and I think its patched (I did not upgrade the packages myself so must have been the firmware).

root@e1:~# dpkg -l | grep ssl
ii libssl1.0.0:armel 1.0.1e-2+deb7u6 armel SSL shared libraries
ii openssl 1.0.1e-2+deb7u6 armel Secure Socket Layer (SSL) binary and related cryptographic tools

root@e1:~# openssl version -b
built on: Tue Apr 8 10:12:55 UTC 2014